Synology Mail Server Authorization Vulnerability Allowing Unrestricted Access to Non-Sensitive Settings

Vulnerability

A vulnerability exists in Synology Mail Server that enables remote authenticated attackers to read and modify non-sensitive settings, as well as disable certain non-critical functions. This issue arises from missing authorization checks, allowing for unauthorized changes by authenticated users.

Impact

Exploitation of this vulnerability could lead to unauthorized modification of settings and disruption of non-critical functions within the Mail Server application.

Remediation

Users are advised to upgrade to Synology Mail Server version 1.7.6-20676 or above for DSM 7.2, or version 1.7.6-10676 or above for DSM 7.1.
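As an added example, not part of this advisory or of any Synology tooling, the following Python check compares installed Mail Server package versions against the fixed versions named above. It assumes the "release-build" version form shown in the advisory, that build numbers only increase within one DSM branch, and runs over a constructed inventory.

```python
"""Check Synology Mail Server package versions against the advisory's fixes.
Assumptions: versions look like "<release>-<build>" (e.g. 1.7.6-20676) and
build numbers only increase within a DSM branch."""
import re
from typing import Dict, List, Tuple

# Fixed versions stated in the advisory, keyed by DSM release branch.
FIXED_VERSIONS: Dict[str, str] = {
    "7.2": "1.7.6-20676",
    "7.1": "1.7.6-10676",
}

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)$")


def parse_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Split "1.7.6-20676" into ((1, 7, 6), 20676) so tuples compare numerically."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised package version: {version!r}")
    release = tuple(int(part) for part in match.group(1).split("."))
    return release, int(match.group(2))


def is_patched(installed: str, dsm_branch: str) -> bool:
    """True when the installed version is at or above the fix for this DSM branch."""
    try:
        fixed = FIXED_VERSIONS[dsm_branch]
    except KeyError:
        raise ValueError(f"advisory lists no fixed version for DSM {dsm_branch}") from None
    return parse_version(installed) >= parse_version(fixed)


def hosts_needing_upgrade(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the names of inventory entries still running a vulnerable version."""
    return [h["host"] for h in inventory if not is_patched(h["mailserver"], h["dsm"])]


# Constructed sample inventory; hostnames and the 20600/10500 builds are made up.
SAMPLE_INVENTORY = [
    {"host": "nas-a", "dsm": "7.2", "mailserver": "1.7.6-20676"},  # at the fix
    {"host": "nas-b", "dsm": "7.2", "mailserver": "1.7.6-20600"},  # earlier build
    {"host": "nas-c", "dsm": "7.1", "mailserver": "1.7.6-10676"},  # at the 7.1 fix
    {"host": "nas-d", "dsm": "7.1", "mailserver": "1.7.5-10500"},  # older release
]

if __name__ == "__main__":
    for host in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: upgrade Synology Mail Server")
```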

Added: Dec 4, 2025, 3:25 PM
Updated: Dec 4, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 5.2
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.